RSS

How-To Geek

Windows software downloads are a mess. Many programs try to drag adware and other malicious junk onto your computer. Even safe programs we test sometimes turn to the dark side and start bundling junk later.

More experienced geeks may not fall for this stuff as often, but we have all kinds of readers here. We prefer to avoid putting our readers into situations where they could be infected because they downloaded something we recommended.

Software Downloads Change

Here’s the worst thing we have to deal with. We regularly test software and find it’s clean and work well, so we recommend it to our readers. We did our due diligence — everything is fine.

But applications are often sold to new owners, or the current owner becomes desperate for income. These formerly trustworthy applications add adware, browser toolbars, spyware, and other junk to their installers. New readers download these tools because we recommended them, and we then start getting emails asking why we’re recommending software that infects our readers’ computers.

It’s impossible to police and regularly check all the software we link to, and we don’t want a huge archive of articles linking to sketchy software that can hurt our readers. If an application isn’t completely trustworthy and there’s a different way to do something, we’ll probably recommend that way.

This shouldn’t apply to more trustworthy software, but it sometimes does. We regularly recommend software like Firefox, Chrome, LibreOffice, CCleaner, VLC, and other popular applications. However, we’ve also recommended popular applications like Foxit Reader and µTorrent and seen them turn to the dark side. Lesser-known utilities are even more suspect.

Adware, Toolbars, and Other Junk in Installers

Installers filled with junkware are perfectly normal in the Windows software scene. This is true even for established, legitimate software. Oracle’s Java runtime attempts to install the Ask Toolbar. μTorrent is a popular BitTorrent client, but have you tried downloading it recently? You have to click through various offers that attempt to install the Conduit Search adware and a scammy PC cleaner on your computer. This junk is marked as “Recommended by BitTorrent”, so less experienced users may think it’s actually recommended software, not that they’re being paid to recommend junk they would never use themselves.

We’ve tried to avoid this in the past by including warnings in the article. We’d write something like “Be careful when installing this software, because it will try to install junk on your computer. Be sure to decline the offers.” But not all readers will pick up on that warning. Some readers may see the warning and accidentally agree as they click through the installation wizard — it’s meant to trick you, after all. The Ask Toolbar even attempts to hide before installing itself, so you can’t immediately uninstall it if you accidentally agree. You’ll have to wait until later — Ask is hoping you’ll forget to do that.

Yes, we Windows geeks have built up an immunity to this type of junk. Many of us don’t even notice — we just carefully click through installers and consider it normal. But many people still fall for this trap.

Fake Download Links

Fake download links are particularly obnoxious. You go to a program’s download page and see five different “DOWNLOAD” buttons. Which is the real download button, and which are actually advertisements that will lead you away from the real software to something that will damage your computer?

Sure, there are tricks you can use here. You can mouse over a link and see where it goes. If you download software for long enough, you’ll pick up a sort of sixth sense and realize which are fake download links and which aren’t. But these links trick people.

We’re not thrilled about the other software downloads these sites push, either. For example, let’s go back to µTorrent again. When you download µTorrent, µTorrent “recommends” you download the VLC media player. This sounds like a great recommendation — VLC is a very good media player.

This link won’t take you to VLC’s official download page; it takes you to a third-party download site. Who knows what this other site is wrapping VLC in — you’ll probably get infected with some type of junk if you install it. If they’re paying for these advertisements, they’re making money from these downloads somehow.

To add insult to injury, µTorrent actually warns you to “Beware of online scams!” when you install it. This warning says you should only download µTorrent from its official site because you could get infected by malware if you download µTorrent from an unofficial site. Yet they’re “recommending” you download VLC from a shady third-party site!

You recommend a program to a family member, and they proceed to install it along with five other junkware programs that sneak their way on to their computer in the installation process. Sound familiar? Unchecky prevents these unnecessary programs from installing themselves by unchecking the appropriate boxes.

Although, it can happen, that the installer for Unchecky itself can be bundled with junk.

Thanks for the heads up. I was unaware that these programs could be sold to nefarious companies and thus, voiding your seal of recommendation! I try to be as aware as I can when I download, but I get hit with some things from time to time. Once again, I appreciate howtogeek's articles that help those of us with less computer knowledge avoid the many pitfalls and snares out in cyberspace! Thanks!

That is something that happens so often that it has turned into a nightmare.... I had a terrible experience with YAC (Yet Another Cleaner) about a month ago and what a nightmare it was. I even emailed the software publishers 5 or 6 times "Elex do Brasil Participações Ltda" and just a few days ago i received an email where they wanted to do a "remote access on my PC" so that they can "fix" it... are they crazy or what, . They must be nuts....Wouldn't use their software even if they pay me... If you're wondering where i downloaded this YAC software it was right here at fileforum.betanews.com ... You can see the comment i posted >>> YAC / comment on Beta News .... I would advise you NOT TO GO NEAR YAC.... just read the comment posted at the link above.....

Chris, here you've really hit the nail on the head. I don't know how many times I've had to help people clean up their Windows machines, due to their downloading a perfectly reasonable application which, unbeknownst to them, brought with it a host of bloatware and/or kidnapped their browser homepage and search engine. I'm doing my best to get people to switch to a user-friendly GNU/Linux distro like Linux Mint, but it hasn't been easy....

Several of the chocolatey packages are already set up to install without the crapware, such as Java. Unfortunately, if chocolatey becomes popular enough, I expect a similar situation will evolve unless steps are taken to properly curate it.

Chocolatey also has a ways to go before it becomes something that most people can use, although paradoxically it is much easier to tell some one to type cinst vlc than to have them open a browser, go to a website, download an exe, find it, and run it, click next several times, etc.

I got my first computer 2 years ago. During that time I've had to go it alone. It has been a steep learning curve. HTG, out of the many sites I dared to review or follow, has provided me with the best and most accurate information to date. At a download screen if given a choice between express or custom install. I never select express. This is the first clue that each screen must be read in its entirety. Further you may just want to avoid the download all together.

I was a long time paid user of an anti virus package. It (IMO) performed as well as could be expected so I stuck with it. One time the installer came with the ASK toolbar and even though I said no it was still installed. I protested to them. I said they were delivering spyware with the anti virus. Next time I looked the installer was clean again. Although I still have paid subs to that AV program I no longer install it. On both Win 7 and Win 8.1 it was corrupting downloads. The hashes were wrong while it was being Web Safe for me.

One of the worst for supplying crapware is the supplier of a very commonly used PDF reader. I even had MalwareBytes Anti Malware block a download from that web site because of crapware in an installer.

Never take the easy way to install anything. Always look at the details.

I use ninite.com to install software, it has many of the popular software on it and will install without the crapware. Great when setting up a new or rebuilt computer, just tick all the software you want and the installer file you download will sort it all out.

Chris there IS a highly reputable solution to this. You can install all your indispensable tools and toys via www.ninite.com. You can even download one installer with all your fave stuff, and run it now and then to update them all. It automatically disables, unchecks or does not install the crapware. Just looking at their list of great high-rep freeware you've been using for years, any geek worth his MAC address will begin to trust. And I can personally attest to hundreds of perfect darkside-free installs. In a world where download.com is no longer a trustworthy place to get safe freebies, and Adobe, Java and Flash all carry the seeds of the Sith, Ninite is a great Jedi weapon.

I consider that Portableapps.com is a good solution for this, although not all software is available there.

Same here. Portable applications don't currently have bundled crapware do they? Or do you think in the future that might change?

A bonus on using portable web browsers is that if you accidentally install something on mistake that hijacks your web browser's search or home page, your portable web browser won't be affected. Just the ones installed on your machine. I was testing out a software a few years ago and got a Babylonian toolbar super glued onto my Firefox. Luckily I tested and used this niftly tool (http://mozbackup.jasnapaka.com/) a few months before to backup my Firefox profile. After spending 8 hours on trying to get rid of the Babylonian search plugin, it turned out the only way to get if off my system was to do a complete uninstall and reinstall of Firefox.

Great article, I'm generally very careful, but I know loads of people who end up with horrendous crap on their PCs. I pay for most of my software and games or go for an open source option, but like pretty much everyone there are also pieces of software that are "free" that I use too. I installed utorrent not too long ago and declined all their "offers", even then during the installation process it drops an adware installer on your pc, I'm assuming it lies dormant because I declined everything but Malwarebytes Pro did pick up on this immediately...very underhand

@bucky good point, I'm assuming they've focused on Windows cos of it's huge install base, I have an Android phone and I tend to use Firefox with adblock plus as my browser and that's great, but the few times I've used Android Chrome, I have noticed some sites autodownloading an apk file, as long as you don't install the apk and just delete it, it's pretty safe but without doubt a lot of users might inadvertently install crapware on their Android devices

After reading your story and all the junk which "free" software want to add to your system. Yes, Ninite.com is good web site to install several free copies of software without the malware in some packages. Couple years ago, you could download CCleaner but there was malware in install of CCleaner the company ask Ninite to remove the package. CCleaner was making money off of install of the malware of ASK toolbar etc. Other site which I like to use is cnet.download.com, today I using Google and look for home site of software because Cnet has added special installer which wants to install other programs (usually junk and malware) so I go ask my questions then go to home site to download the software without any junk (true the home site download will be buggy.) In cases in which you download trial version or you have paid for the package then the install is clean. I have to clean my grandson computer still times because he will install any "FREE" game and they install toolbars, change home settings on his browser. I have learn how to "read" start menu to find the locations of files, the installers will hide them in system32 folder, local\temp folder, program data folder, and/or plain site in program folders. Keeps me on my toes and learn new tricks.

I have often wondered why windows users who venture to linux complain about "software repositories" that are maintained by the community. These are very safe. I guess because something is different it is judged as bad. It is because of BS like this, as well as Windows security holes, that have kept me for years now from running Windows as my main OS. Of course there is a trade off here, as there is a trade off in almost any choice you make. However I am most content with what I have gotten compared to what I have lost in that trade off.

Yes, this is a problem and a growing one at that. Lat last year I downloaded a graphics program from cnet, being careful to not accept the ad-ware laden extras. The result was a days adventure removing adware and malware from my system. cnet did apologize.

Second, being one that looks for easy solutions thought that the AVAST Grime-Fighter may be a good product to have on hand, perhaps recommend, etc. I paid for it, and downloaded it, and ran it, .... well about 48 hours I got my computer back up and running. I had to launch in safe-mode in order to kill and remove the grime. Worse, AVAST support never once replied. It eventually took my bank over a month to contact someone at AVAST and get my money back.

Even for those of us that have been around the block more than once, it is becoming difficult to keep from tripping up. I thought I knew the "good-guys" from the "bad-guys" but they all appear to be wearing those "white hats".

There are better, more legitimate ways of earning money than bundling crap with your product, essentially slowing your client's computer down, making it unusable, and sometimes preventing the client from recommending your product to anybody else.

Hell, if you want to get money from your product, charge for it. We'll pay.

Takes the piss when they bundle crapware like this. However its when they don't ask you. Once I downloaded something (can't remember what it was) and every time I loaded up my web browser (FireFox at the time) it would come up with "Iminent" and I tried to remove this, but it wouldn't be removed, and then I found out it was consuming my system's resources even though I had never installed it, tried to uninstall it and it wasn't in the uninstall list. I installed Linux on that machine instead.

Another problem is license agreements, they hide stuff in there so when you click "I agree" your also agreeing to installing the crapware.